sophoslabs/IoCs
IoCs/crimson_palace_stac1870_bravo.csv
Latest commit: packetrat, "Add files via upload", bd83a7a, Jun 6, 2024
10 lines (10 loc) · 850 Bytes
Indicator,Data,Notes
sha256,92e2dafb6d91ac7bc725e680d53cfbfcc854033d14f6e4807fd0169c605324d2,3.ps1 (PowerShell script)
sha256,DCC938AF8FB2964A1F35ADFB221DE76FFC0BD0CCAAC91455B3638FD4DC33E8C0,EvtxParser.exe (EVTX dump)
sha256,0c3baa012cdb518982ec4ae954b395f3d6b9544ead8e050370219fa584f74f3c,2.vbs (VBS script)
sha256,c679a2453697c51776b8a64d59fb8bf4172906e9a4f91b3872774bd05378d28c,r.vbs (VBS script)
sha256,edd0c859424ab953a92ef20cfc8b938f469253122485915d6de80d314b18b08f,mscorsvc.dll (CCoreDoor)
sha256,55277d86c0707459500dbb16915665ae611d3a4e4597d51599ea8b8fe6f85f29,mscorsvc.dll (CCoreDoor)
sha256,a70e8317a608dd6ea0ad8564b089a153a7e3ab7ef763899d3d806141e820148e,"ntpsapi.dll (signed, benign, ntdll.dll used for EDR unhooking)"
domain,message.ooguy.com,CCoreDoor C2
ip,146.190.93.250,CCoreDoor C2